1. 技术文章
  2. Postgres not allowing localhost but works with 127.0.0.1

Postgres not allowing localhost but works with 127.0.0.1

吃可爱长大的小学妹 提交于 2020-01-01 04:21:05

问题


Postgres not accepting connection if I say -h localhost but it works if I say -h 127.0.0.1

[root@5d9ca0effd7f opensips]# psql -U postgres -h localhost -W
Password for user postgres:
psql: FATAL:  Ident authentication failed for user "postgres"
[root@5d9ca0effd7f opensips]# psql -U postgres -h 127.0.0.1 -W
Password for user postgres:
psql (8.4.20)
Type "help" for help.

postgres=#

My /var/lib/pgsql/data/pg_hba.conf

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                              trust
local   all         all                              ident
# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
host    all         all         127.0.0.1/32          ident
# IPv6 local connections:
host    all         all         ::1/128               ident

If I add following line then Postgres service failed to start:

host    all         all        localhost             ident
host    all         all        localhost             trust

Wwhat is wrong there?

Update

My /etc/hosts file:

[root@5d9ca0effd7f opensips]# cat /etc/hosts
172.17.0.2      5d9ca0effd7f
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

回答1:


In pg_hba.conf, the first match counts. Per documentation:

The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no "fall-through" or "backup": if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied.

Note the reversed order:

host    all         all         127.0.0.1/32          trust
host    all         all         127.0.0.1/32          ident

But:

host    all         all        localhost             ident
host    all         all        localhost             trust

Well, if you really "add" the lines like you wrote, there should not be any effect at all. But if you replace the lines, there is.

In the first case, you get trust authentication method, which is an open door policy. Per documentation:

PostgreSQL assumes that anyone who can connect to the server is authorized to access the database with whatever database user name they specify (even superuser names)

But in the second case you get the ident authentication method, which has to be set up properly to work.

If you are actually using the outdated version 8.4, go to the old manual for 8.4. You are aware that 8.4 has reached EOL in 2014 and is not supported any more? Consider upgrading to a current version.

More:

  • Run batch file with psql command without password



回答2:


The Problem

Postgres will potentially use IPv6 when specifying -h localhost which given the above pg_hba.conf specifies ident, a password prompt will be returned.

However when -h 127.0.0.1 is specified, it forces Postgres to use IPv4, which is set to trust in above config and allows access without password.

The Answer

Thus the answer is to modify the IPv6 host line in pg_hba.conf to use trust:

# IPv6 local connections:
host    all         all         ::1/128               trust

Remembering to restart the Postgres service after making config changes.



来源:https://stackoverflow.com/questions/29802440/postgres-not-allowing-localhost-but-works-with-127-0-0-1

标签
sql
Linux
postgresql
connection
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!